13.2.5 Peripherals Security Attribution
In addition to generic protection features, the Peripheral Access Controller (PAC) configures the security privileges for each individual peripheral in the system.
Each peripheral can only be configured either in Secure or in Non-Secure mode except the IDAU and NVMCTRL peripherals, which are always Secured, and the DSU peripheral which is always Non-Secured.
The PAC NONSECx registers (read only) contain one bit per peripheral for that purpose, which is the image of the NONSECx fuses from the NVM User row (UROW).
During Boot ROM execution, the NONSECx fuses from the NVM User row are copied in the PAC peripheral NONSECx registers so that they can be read by the application.
All peripherals are marked as "exempt" in the memory map, meaning that all bus transactions are propagated. As a consequence, any illegal accesses are reported back to the PAC and trigger an interrupt if enabled.
The security configuration (Secure or Non-Secure) is propagated to each individual peripheral, thus it is the responsibility of the peripheral to grant or not the access with the following rules:
- If the peripheral is configured
as Non-Secure in the PAC:
- Secure and Non-Secure accesses are granted
- If the peripheral is configured
as Secure in the PAC:
- Secure access is granted
- Non-Secure access is
discarded (Write is ignored, read 0x0), a PAC error is triggeredImportant: These rules do not apply to the specific peripherals called Mix-Secure peripherals.
Mode | Secure Host Access | Non-Secure Host Access |
---|---|---|
Non-Secure | Read / Write | Read / Write |
Secure | Read / Write | Discarded (Write ignored / Read 0x0) PAC Error is generated |